NERC Standards News Briefs: May 8-9, 2019

ST. LOUIS – The NERC Board of Trustees voted on Thursday to approve a supply chain report and a new rule on third-party transient electronic devices while retiring 84 reliability requirements. Below is a summary of the actions and discussions on standards at the May 8 and 9 meetings of the Board of Trustees and the Member Representatives Committee (MRC).

Standards Efficiency Review retirements

Completing Phase 1 of the Standards Efficiency Review (SER) project that began in 2017, the trustees approved the complete removal of 10 standards and the elimination of some requirements from seven standards.

NERC also approved the withdrawal of MOD-001-2, which has been awaiting FERC approval since February 2014 (RM14-7). Its objective was to ensure that calculations of available transmission system capability are performed in a manner consistent with reliability and that the methodology and data behind the calculations are disclosed to the appropriate registered entities. The standard authorization request (SAR) said that the standard was no longer necessary because other standards, including subsequent improvements to the transmission operator rules, ensure that real-time operations respect system operating limits.

In total, 77 requirements and part of a requirement are being removed in addition to the six MOD requirements that are being withdrawn.

The seven standards for which only some of the requirements were eliminated received updated version numbers that reflect the revisions:

FAC-008-4 – Facility ratings

INT-006-5 – Evaluation of interchange transactions

INT-009-3 – Implementation of interchange

IRO-002-7 – Reliability Coordination – Monitoring and analysis (which reflects the withdrawal of Requirement R1 and a variation for the reliability coordinators in WECC, see below).

PRC-004-6 – Protection system misoperation identification and correction

TOP-001-5 – Transmission operations

VAR-001-6 – Voltage and reactive control

Gugel said that the FERC staff has expressed concern about some of the retirements, but that the NERC staff agrees with the reasons provided by the standards development team and trusts that the retirements will not cause any vulnerability. "When we file this with FERC, we will provide additional supporting arguments and explain how all the requirements of these standards come together to bridge any potential gaps," he said in response to a question from President Roy Thilly.

Team reviewing comments on SER Phase 2

Phase 2 of the Standards Efficiency Review is considering changes in six areas of the organization's operations and planning (O&P) and critical infrastructure protection (CIP) standards.

John Allen, president of SER Phase 2, informed the MRC about the results of the industry survey that ended on March 22 with submissions from 75 participants. (See "The president exhorts comments on the efficiency review of standards" in Reports of the NERC Standards Committee: March 20, 2019.)

Participants were asked to indicate on a scale of 1 to 10 how much they supported each of the six concepts.

Changes to the evidence retention rules, which vary by standard, ranked highest at 8.12, said Allen, reliability compliance manager for City Utilities of Springfield (Mo.). It was followed closely by consolidating the information/data exchange requirements (8.11), moving requirements to guidance (7.85) and developing a risk-based standard template (7.78).

Less popular were relocating competency-based requirements for the certification/control program review process (6.85) and consolidating and simplifying training requirements (6.19).

The Phase 2 team will use the comments to evaluate and prioritize the concepts for potential action.

The trustees approved reliability standard IRO-002-6 (Reliability Coordination – Monitoring and analysis), which adds a variance for the WECC region to address its transition to multiple reliability coordinators (RCs) with the disappearance of Peak Reliability. (It was immediately superseded by IRO-002-7, which reflects the withdrawal of Requirement R1 in Phase 1 of the SER.)

The variance requires each RC to develop a "common interconnection modeling and monitoring methodology" for use in operational planning analyses and real-time assessments, including facility ratings, thermal limits and steady-state voltage limits.

"The actions that happen in the northwest can affect the southwest, so it's important for us to have that coordination throughout the model," said David Godfrey, vice president of reliability and security oversight at WECC, in an update on the RC transition.

The Eastern Interconnection, which has 16 RCs, has not requested the standardization requirement that WECC sought, Gugel said.

"In the Eastern Interconnection, there is a lot of coordination that occurs there, but the geographical distribution and regional diversity sometimes do not lend themselves to a common model," he said. "Something that is happening in Florida because of an operating situation may not be necessary for people in Manitoba. It seems to be necessary in the Western Interconnection, but we are still evaluating if it would be necessary in the East."

Godfrey's presentation included a map showing that most of the West has chosen CAISO's or SPP's RC services, but that several generation-only balancing areas (wind, solar and gas units) have selected GridForce Energy Management.

Western Interconnection reliability coordinator footprints, with GridForce RC marked as red dots | WECC

"Will this fit within our certification criteria?" Thilly asked.

"We are at the beginning of that part of the process," responded NERC's general counsel, Charlie Berardesco. "I would ask for some patience as we consider the application and the real technical details … We have not yet made a determination with anyone."

CEO Jim Robb said that transmission operators and balancing authorities are responsible for ensuring that they have an accredited RC.

"We made it very clear when all this regime change began a year and a half ago, and if by the time Peak winds down, there are no certified reliability coordinators in place, we take out the heavy-duty compliance actions," said Robb.

He also said he was concerned about the seam between Arizona and California, and noted that "that has been a corridor where bad things have happened in the past."

"Are we quite sure that the seam agreements that are being developed will provide fairly fluid operations on those roads?" he asked Godfrey.

Godfrey said yes, adding: "We will continue to monitor that to make sure that [the agreements are] imposed."

NERC task force to build on EPRI EMP study

Mark Lauby, senior vice president and director of reliability for NERC, told the MRC that the organization is launching a task force in response to the April report from the Electric Power Research Institute on the threat of electromagnetic pulses.

Lauby said the working group will review the EPRI report to identify additional research needs, best practices and possible reliability standards to mitigate impacts. He noted that the report did not analyze the impacts on generation.

The group is expected to start work this month and submit any SARs to the Standards Committee, if necessary, in the fourth quarter.

"This is not to relay the results of the investigation," Lauby said. "But rather, now, with what we have learned from those results … we are better informed to understand exactly what makes sense from the perspective of a guide or standard perspective."

Robb told the Board of Trustees on Thursday that Lauby has established an "aggressive" timeline.

"Now we understand science," he said. "So we can galvanize our resources, and those in the industry, to start thinking, OK, what kind of response is required here?"

The supply chain report recommends expanding the standards

The trustees accepted the supply chain report, which recommends revising the supply chain standards to address electronic access control or monitoring systems (EACMS) and physical access control systems (PACS) for high-impact bulk electric system (BES) cyber systems. Monitoring, alarming and logging systems would be excluded.

Among the best practices cited in the report are the use of "recognized, reliable and established suppliers" and those with third-party accreditations or self-certification of their supply chain practices.

"We are ready to facilitate; we do not pretend to be the accreditor, but we want to be part of the process," Gugel told the MRC on Wednesday.

The report did not recommend the inclusion of all low-impact BES systems in the standards, but requested further study on whether low-impact systems with external routable connectivity should be covered. The staff is working on a data request in accordance with Section 1600 of the NERC Rules of Procedure for additional information on the subject. It will also continue to monitor the issue through questionnaires and surveys.

Meanwhile, to address the potential risks to such systems, the staff will work with the Supply Chain Working Group of the Critical Infrastructure Protection Committee (CIPC) to develop guidelines that help entities evaluate their protected cyber assets on a case-by-case basis. The report also recommends that entities refer to the best practices of the North American Transmission Forum, the North American Generator Forum, the National Rural Electric Cooperative Association and the American Public Power Association.

Approved CIP Standard

The trustees approved CIP-003-8 (Cyber Security – Security Management Controls) in response to the FERC order of April 2018 approving CIP-003-7 and ordering NERC to modify it to "mitigate the risk of malicious code that could result from third-party transient electronic devices."

Section 5.2.1 in Attachment 1 of CIP-003-7 requires the use of at least one security measure before connecting a transient cyber asset to a low-impact BES cyber system, including reviews of antivirus updates and application whitelisting.

The revision adds a new Section 5.2.2 to ensure that the entity acts to mitigate the risks identified in the reviews in Section 5.2.1. It requires entities to "determine if additional mitigation actions are necessary and implement those actions before connecting the transient cyber asset" (Project 2016-02).

Evidence that entities can provide to demonstrate compliance includes documentation from change management systems, emails and contracts that identify a review.

FERC Briefing

Andy Dodge, director of the FERC Office of Electric Reliability, provided the MRC with an update on two reliability standards pending before the commission:

Comments are due June 24 on the Notice of Proposed Rulemaking that FERC issued on April 18, which proposes to adopt CIP-012-1 (Cybersecurity – Communications between control centers). The standard would require protections for communication links and the data communicated between BES control centers and clarify the types of data that should be protected (RM18-20). (See "FERC proposes revisions to the NERC CIP standard.")

Also pending is CIP-008-6 (Reports of cybersecurity incidents), which NERC filed on March 7 in response to a FERC order of July 2018 (RM18-2). The commission called for expanded reporting of cybersecurity incidents and said attempts that were not currently reported could lead to larger and more successful attacks. The standard would expand mandatory reporting to include actual or attempted compromises of an entity's electronic security perimeter (ESP) or associated EACMS. (See "FERC orders expanded cybersecurity reports.")

Dodge also mentioned the FERC staff's March 29 report on the lessons learned from the CIP audits conducted by the commission in the 2018 fiscal year. The report, the second in what is considered an annual series, includes the results of audits by the Office of Electric Reliability and contributions from the Office of Enforcement and the Office of Energy Infrastructure Security.

The report makes 13 recommendations, including implementing valid security certificates within BES cyber systems; using strong encryption for interactive remote access; and replacing or upgrading "end-of-life" system components of cyber assets.